没有IPv6地址的VLAN时思科3560 G没有通过IPv6 RA

Question

问题：

当在启用IPv6的交换机上没有L3地址的VLAN时，除非有分配给VLAN的IPv6地址，否则没有RA通过VLAN。不过，静态辅助是可以达到的。

Switch(config)#interface Vlan 3
  no ipv6 address autoconfig # RA from mikrotik not working
  ipv6 address autoconfig # RA from mikrotik suddenly starts working
  no ipv6 address autoconfig # IPMI immediately losts SLAAC IPv6 address and become unresponsive

拓扑：

->上行链路-> Cisco (L3路由到VLAN) ->服务器

我接收非路由/27 IPv4和/48 IPv6，它们通过上行链路上的单一/64 (vlan 1)路由。因此，思科做IPv6路由到VLAN，其中每个VLAN分配唯一的/64范围与RA启用。每个需要IPv4的人都被分配到第二个端口(模式访问+ vlan 1)。

然而，VLAN 3是特殊的，因为它是通过mikrotik (防火墙)委派的，然后使用相同的cisco作为L2交换机(access vlan 3)。在这种情况下，流量超过思科两次。

-> Uplink -> Cisco -> (Gi0/2 VLAN 2 -> ether1) Mikrotik (ether2 -> Gi0/3 VLAN 3) -> Cisco -> IPMI

IPMI随后连接到VLAN 3，委托的IPv6预计将通过mikrotik进行管理。

当我们将IPMI直接连接到mikrotik时，它可以正常工作，没有任何问题。

显示ver

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 52    WS-C3560G-48TS     15.0(2)SE4            C3560-IPSERVICESK9-M

显示运行-配置

version 15.0
ipv6 unicast-routing
interface GigabitEthernet0/1  # uplink port
!
interface GigabitEthernet0/2  # ether1 to mikrotik
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet0/3  # ether2 from mikrotik, which manages IPv6 RA
 switchport access vlan 3
 switchport mode access
!
....
interface GigabitEthernet0/27 # Example of server uplink
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/28 # Example of IPMI uplink
 switchport access vlan 3
 switchport mode access
!
interface GigabitEthernet0/41 # Example of port with IPv4
 switchport access vlan 1
 switchport mode access
!
...
interface Vlan1 # Uplink VLAN
 no ip address
 ipv6 address fc00:0:0:ffff::1/64
 ipv6 nd ra suppress all
!
interface Vlan2 # Mikrotik prefix delegation network
 no ip address
 ipv6 address fc00:0:0:1::1/64
 ipv6 nd ra suppress all
!
interface Vlan3 # IPMI VLAN - IP addresses are managed by mikrotik
 no ip address
!
interface Vlan10 # VLAN for servers
 no ip address
 ipv6 address fc00:0:0:10::1/64
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 dhcp relay destination .......
!
...
ipv6 route fc00:0:0:3::/64 fc00:0:0:1::2 # Prefix delegation to mikrotik
ipv6 route ::/0 fc00:ffff::2

ipv6 address autoconfig

显示sdm更喜欢

The current template is "desktop IPv4 and IPv6 routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

 number of unicast mac addresses:                  1.5K
 number of IPv4 IGMP groups + multicast routes:    1K
 number of IPv4 unicast routes:                    2.75K
   number of directly-connected IPv4 hosts:        1.5K
   number of indirect IPv4 routes:                 1.25K
 number of IPv6 multicast groups:                  1.125k
 number of directly-connected IPv6 addresses:      1.5K
 number of indirect IPv6 unicast routes:           1.25K
 number of IPv4 policy based routing aces:         0.25K
 number of IPv4/MAC qos aces:                      0.5K
 number of IPv4/MAC security aces:                 0.5K
 number of IPv6 policy based routing aces:         0.25K
 number of IPv6 qos aces:                          0.625k
 number of IPv6 security aces:                     0.5K

Answer 1

通过升级到IOS 15.0(2)SE10 (c 3560-ipservicesk9-mz.150-2.SE4)进行修正。见鬼，花了一整天的时间来解决这个问题。